1 Privacy notice
This privacy notice serves as an explanation of the manner, scope, and purpose of processing personal data (hereinafter “data”) as part of our online presence and the websites, functions, and content associated with this, as well as external online presences, such as our social media profiles. (Hereinafter mutually referred to as “online content”). With regard to the terms used, such as “processing” or “controller”, we refer to the definitions given in Art. 4 of the General Data Protection Regulation (GDPR).
GANTNER Electronic GmbH
6714 Nüziders, Austria
1.2 Data protection officer
Belgium / Netherlands / England:
8900 Ypres, Belgium
GANTNER Electronic GmbH Deutschland
44894 Bochum, Germany
Graf Consultings GmbH
86949 Windach, Germany
1.3 Types of data processed:
- Contact data (e.g. name, email, telephone numbers)
- Usage data (e.g. websites visited, interest in content, access times)
- Meta/communication data (e.g. device information, IP addresses)
1.4 Categories of data subjects
Visitors and users of the online content.
1.5 Purpose of processing
- Provision of the online content, its functions and content
- Responding to contact inquiries and communication with users
- Security measures
1.6 Terms used
“Personal data” refers to any information relating to an identified or identifiable natural person (hereinafter “data subject”); a natural person is considered as identifiable if they can be identified directly or indirectly, in particular by means of assignment to an identifier such as a name, to an identification number, to location data, to an online identifier (e.g. cookie), or to one or more particular characteristics that are the expression of the physical, physiological, genetic, mental, economic, cultural, or social identity of this natural person. “Processing” refers to any process carried out with our without the use of automated procedures or any such series of processes in connection with personal data. The term is applied broadly and includes practically any handling of data.
2 Relevant legal basis
In accordance with Art. 13 GDPR, we would like to inform you about the legal basis for our data processing. If the legal basis is not specified in the privacy notice, the following applies: The legal basis for obtaining consent is Article 6 Para. 1 (a) and Art. 7 GDPR, the legal basis for processing in the performance of our services and the execution of contractual measures, as well as for responding to inquiries, is Art. 6 Para. 1 (b) GDPR, the legal basis for processing in order to fulfill our legal obligations is Art. 6 Para. 1 (c) GDPR, and the legal basis for processing in order to safeguard our legitimate interests is Article 6 Para. 1 (f) GDPR. In the event that crucial interests of the data subject or any other natural person require the processing of personal data, Art. 6 Para. 1 (d) GDPR serves as the legal basis.
2.1 Cooperation with contractual processors and third parties
If, as part of our processing, we disclose data to other persons and companies (order processors or third parties), transmit data to them, or otherwise grant access to the data, this is done only on the basis of a legal permission (e.g. if a transmission of the data to third parties, or to payment service providers, pursuant to Art. 6 Para. 1 (b) GDPR is necessary to fulfill a contract), which you have granted, a legal obligation requires this, or on the basis of our legitimate interests (e.g. when commissioning agents, web hosters, etc.). Provided that we commission third parties to process data on the basis of so-called “order processing agreements”, this is carried out on the basis of Art. 28 GDPR.
2.2 Transmissions to third countries
If we process data in a third country (meaning outside the European Union (EU) or the European Economic Area (EEA)) or in the context of using third party services or disclosing or transmitting data to third parties, this will only be done to fulfill our (pre)contractual obligations, on the basis of your consent, on the basis of a legal obligation, or on the basis of our legitimate interests. Subject to legal or contractual allowances, we will process data in a third country only if the special conditions of Art. 44 (ff) GDPR exist. This means that processing will only occur on the basis of specific guarantees, such as the officially recognized level of EU data protection (e.g. the Privacy Shield for the USA) or in compliance with officially recognized special contractual obligations (so-called “standard contractual clauses”).
2.3 Rights of the data subject
You have the right to request confirmation on whether related data is processed as well as information on this data and further information on copies of the data in accordance with Art. 15 GDPR. According to Art. 16 GDPR, you have the right to request completion of data that pertains to you or correction of incorrect data that pertains to you. According to Art. 17 GDPR, you have the right to request the immediate erasure of data that pertains to you, or, according to Art. 18 GDPR, request a limitation on processing this data. You have the right to demand that data pertaining to you, which you have provided to us, be obtained in accordance with Art. 20 GDPR and request its transmission to other responsible parties. You also have the right, according to Art. 77 GDPR, to submit a complaint to relevant regulatory authorities.
You can exercise your rights at any time by emailing the following address: datenschutz(@)gc-gmbh.com.
2.4 Right of revocation
You have the right, according to Art. 7 Para 3. GDPR, to revoke consent given with effect for the future.
2.5 Right of objection
You can refuse the future processing of data pertaining to you at any time according to Art. 21 GDPR. In particular, you may object to processing for purposes of direct advertising.
2.6 Cookies and right of refusal for direct advertising
2.7 Erasure of data
We erase the data we process, or limit the processing of such, in accordance with Art. 17 and 18 GDPR. Unless explicitly stated in this privacy statement, the data we store will be deleted as soon as it is no longer necessary for its intended purpose and this deletion does not conflict with any statutory storage requirements. If this data is not deleted because it is required for other and legally-permitted purposes, its processing will be limited. This means that the data will be locked and not used for other purposes. This also applies to data that must be stored for commercial or tax reasons. According to legal requirements in Germany, this storage period is 6 years in particular according to § 257 Para. 1 HGB (trading books, inventories, opening balance sheets, annual financial statements, commercial letters, accounting documents, etc.) and 10 years according to § 147 Abs. 1 AO (books, records, management reports, accounting documents, commercial and business letters, tax documents, etc.). According to legal requirements in Austria, this storage is 7 years in particular according to § 132 Para. 1 BAO (accounting documents, receipts/invoices, accounts, documents, business papers, statement of income and expenses, etc.), 22 years in connection with real estate, and 10 years in the case of documents related to electronically supplied services, telecommunications, broadcasting and television services provided to non-EU companies in EU Member States for which the Mini-One-Stop-Shop (MOSS) is used.
The hosting services we utilize serve to provide the following services: Infrastructure and platform services, computing capacity, storage space, and database services, security services, as well as technical maintenance services that we utilize for the purpose of administering this online content. Here, we, or our hosting providers, process inventory data, contact data, content data, contract data, usage data, and meta and communication data of customers, interested parties, and visitors to this online content on the basis of our legitimate interests in the efficient and secure provision of this online content pursuant to Art. 6 Para. 1 (f) GDPR in connection with Art. 28 GDPR (closing of order processing agreement).
2.9 Collection of access data and log files
We, or our hosting provider, collects data on every access to the server on which this service is located (so-called server log files) on the basis of our legitimate interests in the sense of Art. 6 Para. 1 (f) GDPR. This access data includes the name of the web page retrieved, file, date, and time of retrieval, amount of data transferred, notification of successful retrieval, browser type and version, the user’s operating system, referrer URL (the page previously visited), IP address, and the requesting provider. Log file information is stored for security purposes (e.g. to investigate abusive or fraudulent activities) for a maximum of 7 days and then deleted. Data whose further storage is required for evidence purposes is excluded from erasure until the incident is finally resolved.
3 Making contact
When contacting us (e.g. via the contact form, email, telephone, or social media), the user’s information is processed in order to handle and settle the contact request in accordance with Art. 6 Para. 1 (b) GDPR. The user’s information may be saved in a customer relationship management system (“CRM-System”) or similar inquiry organization system. We delete requests as soon as they are no longer required. We review their necessity every two years. In addition, legal archiving obligations apply.
The following information serves to inform you of the content of our newsletter and the registration, distribution, and statistical evaluation processes, as well as your right to object. By subscribing to our newsletter, you provide your agreement to receive such and your agreement with the processes described. Content of the newsletter: We send out newsletters, emails, and other electronic messages with advertising information (hereinafter “newsletter”) only with the consent of the recipient or legal permission to do such. If the content of a newsletter is concretely described when subscribing to the newsletter, this content is decisive for the consent of the user. Apart from that, our newsletters contain information on us and our services. Double opt-in and logging: Interested parties register for our newsletter via a so-called double out-in procedure. This means that, after registration, they receive an email requesting confirmation of their registration. This confirmation is necessary to prevent anyone from registering with email addresses that are not their own. Registrations to the newsletter are logged in order to substantiate the registration process in accordance with legal requirements. This includes saving the time of registration and confirmation as well as the IP address. Similarly, changes to your data stored with the dispatch provider will be recorded. Registration data: When registering for the newsletter, all you need to provide is your email address. We will also request that you optionally provide your name for the purpose of personally addressing the newsletter. Germany: The dispatch of the newsletter and related performance measurement is based on the recipient’s consent according to Art. 6 Para. 1 (a), Art. 7 GDPR in connection with § 7 Para. 2 Clause 3 UWG, or on the basis of legal permission pursuant to § 7 Para. 3 UWG. The registration process is recorded on the basis of our legitimate interests according to Art. 6 Para. 1 (f) GDPR. Our interest is based on the use of a user-friendly and secure newsletter system that both serves our commercial interests and meets the expectations of the user, as well as allowing us to prove consent. Cancellation/revocation – You can cancel the receipt, or revoke your consent, of our newsletter at any time. You can find a link to unsubscribe from the newsletter at the bottom of every newsletter. We may save the email addresses provided for up to three years on the basis of our legitimate interests, before we erase them for the purpose of sending out the newsletter, in order to provide evidence of prior consent. The processing of this data is limited to the purpose of potential defense against claims. You may request an individual erasure at any time, provided the former existence of consent is confirmed at the same time.
4.1 Newsletter – dispatch provider
4.2 Newsletter – performance measurement
The newsletters contain a so-called “web beacon”, meaning a pixel-sized file that is called up from our server when the newsletter is opened, or that is called up from the dispatch provider’s server if we are using one. When this beacon is called, technical information, such as information on your browser and system, as well as your IP address and the time of access, is collected first. This information is used for technical improvements of the services using technical data or target groups and their reading behavior using the location of the request (which is determined using the IP address) or access times. Statistical analyses also include a determination of whether the newsletter is opened, when it is opened, and which links are clicked. This information can be assigned to the individual newsletter recipients for technical reasons. However, it is not our intention nor, if used, that of the dispatch provider, to monitor individual users. These evaluations serve to help us determine the reading habits of our users and adapt our content to them, or send them different content based on their interests.
5 Links to other websites
6 Online presences in social media
We maintain online presences on social networks and platforms in order to communicate there with active customers, interested parties, and users, and to inform them there of our services. When calling up the respective networks and platforms, the terms and conditions and data processing guidelines of the respective operators apply.
Unless otherwise specified in our privacy notice, we process user data if they communicate with us on social networks and platforms, e.g. if they submit posts on our online presence or send us messages.
7 Google Analytics